In the Claims: 

Please amend the claims as follows: 

1 . (Currently amended) A security token, comprising: 

• a one-time password mechanism, for rendering one-time password 
functionality; 

• a public-key mechanism, for rendering public-key functionality with respect to 
said one-time password functionality; and 

• communication means for connecting [[said]] the security token to [[said]] a 
host and for providing to [[said]] the security token [[the]] a power supply 
requi r e d for operating at least said public-key mechanism. 

2. (Currently amended) [[A]] The security token according to claim 1, further 

comprising a display, for displaying at least [[said]] a one-time password. 

3 . (Currently amended) [[A]] The security token according to claim 1, further 

comprising a smartcard chip, for secure storage of keys and for rendering 
security-related functionality. 

4. (Currently amended) [[AJ] The security token according to claim 1, wherein said 

one-time password mechanism comp rise incl udes means for generating a one- 
time value, said means selected from [[a]] the group compr 4smg consisting of: 

• a real-time clock[[,]]; and 

• a counter. 

5. (Currently amended) [[A]] The security token according to claim 1, wherein said 

communication means is selected from [[a]] the group comprising consisting of : 
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• a display for displaying [[the]] a password and thereafter manually providing 
[[the]] a displayed value of said password to [[a]] said host[[J]; 

• [[means]] a wired connection for connecting [[said]] the security token to said 
host- via a wired connection, ; and 

• [[means]] a wireless connection for connecting [[said]] die security token to 
said hos t via a wire l ess connection - 

6. (Currently amended) [[A]] The security token according to claim 5, wherein said 

wired eomm^ nication mea ns connection farther - com pris e means for providing a 
provides said power supply to [[said]] the security token. 

7. (Currently amended) [[A]] The security token according to claim [[5]] 6, further 

comprising including a chargeable power source, operative to be charged by 
[[the]] said wired connection power supplied via sa id communication means, for 
provid i ng the power for operating [[said]] the security token while not connected 
to said host. 

8. (Currently amended) A one-time password security token, for securely providing a 

one-time value to a host system, [[said]] the one-time password security token 
comprising: 

• means for generating [[said]] the one-time value; 

• a public-key infrastructure mechanism, for performing a public-key 
functionality with respect to [[said]] the one-time value; and 

• communication means for connecting [[said]] the security token with [[said]] 
the host system and for providing [[said]] an encrypted one-time value to 
[[said]] the host system. 
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9, (Currently amended) [[A]] The one-time password security token according to 

claim 8, wherein said public-key functionality with respect to [[said]] the one- 
time value is selected from [[a]] the group comprising consisting of : 

• encrypting [[said]] the one-time value by said public-key functionality^,]]; and 

• digitally signing [[said]] a one-time password, 

10, (Currently amended) [[A]] The one-time password security token according to 
claim 8, further comprising a display, for displaying at least [[the]] said encrypted 
one-time value. 

1 1, (Currently amended) [[A]] The one-time password security token according to 

claim 8, further comprising a smartcard chip, for rendering security-related 
functionality, 

12, (Currently amended) [[A]] The one-time password security token according to 

claim 8, wherein [[said]] the one-time value is selected from [[a]] the group 
comprising consisting of : 

• [[the]] a real-time [[,]]; 

• [[the]] a value of a counter[[ ? ]]; and 

• a group of random numbers. 

13, (Currently amended) [[A]] The one-time password security token according to 

claim 8, wherein said communication means is selected from [[a]] the group 
comprisi ng consisting of : 

• a display for displaying [[the]] a password and thereafter manually providing 
[[the]] a displayed value of said password to [[said]] the host systemF!" ,]]; 
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• a wired comm unication mea ns wi t h connection to [[said]] the host system[|V p; 
and 

• a wireless commu n ication means with connection to [[said]] the host system . 

14. (Currently amended) [[A]] The one-time password security token according to 

claim [[11]] 12, wherein said wired communication means connection further 
com p ri s e-m a ans for providing - a provides power s upply to [[said]] the one-time 
password security token. 

15. (Currently amended) [[A]] The one-time password security token according to 

claim [[8]] 14, further comprising a chargeable power source, operative to be 
charged by the power supplied by said - — c o mmun icatio n means said wired 
connection , for providing the power for operating said security token while not 
connected to [[said]] the host system . 

16. (Currently amended) A security system comprising: 

• at least one security token c ompri s ing including: 

■ a token one-time password mechanism, for rendering one-time password 
functionality; 

■ a token public-key mechanism, for rendering public-key functionality with 
respect to said token one-time password functionality; and 

" token communication means for connecting said at least one security 
token to [[said]] a host and for providing to said at least one security token 
[[the]] power supply required for operating at least [[the]] said token 
public-key mechanism; 

• a host system, co mp r is ing including : 
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» a host one-time password mechanism, corresponding to [[the]] said token 
one-time password mechanism of said at least one security token, for 
rendering one-time password functionality; 

" a host public-key mechanism, corresponding to [[the]] said token public- 
key mechanism of said at least one security token, for rendering public- 
key functionality; 

■ host communication means, corresponding to [[the]] said token 
communication means of said at least one security token, for 
communicating with said at least one security token and for providing to 
said at least one security token [[the]] power s upply - req uired for operating 
at least [[the]] said token public-key mechanis m of said s ec uri ty token , 

17. (Currently amended) [[A]] The system according to claim 16, wherein said token 

communication means is selected from [[a]] the group comprising consisting of : 

* a display embedded within each of said at least one security token, for 
displaying [[the]] a password and thereafter manually providing [[the]] a 
displayed value of said pa ssword to said host systemfM ] ; and 

• a wired commimi cat ion means through which s aid at le ast on e s ecurity token 
can be - provided with th e connection operati ve to supply to said at least one 
security token power su pply required for per-forming for operating at least said 
token public-key operations mechanism. 

18. (Currently amended) [[A]] The system according to claim [[16]] 17, wherein each 
ef-said at least one security token further compri sing comprises a chargeable 
power source, t o be charged-v - ia the power supp l y-provi d ed operative to be 
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charged by said c ommuni c atio Ehmeaas wired connection , for providing the po we r 
fer operating said at least one process or security token while not connected to 
said host , thereby enabling to operate s ai d security token without ©e t ernal power 
supply. 

19. (Currently amended) A method for authenticating a client by a host system, 

[[said]] the method comprising: 

• at [[said]] the client [[side]]: 

■ [[(a)]] generating a first one-time value; 

" HO 5 )]] performing a client public-key functionality with respect to said 
first one-time value; and 

" [[(c)]] providing said first one-time value to [[said]] the host system; and 

• at [[said]] the host system [[side]]: 

" [[(d)3] performing public-key functionality which — co rr esponds 
corresponding to [[the]] said client public key functionality p erformed at 
s tep (b) with [[the]] said first one-time provided value; and 

* [[( e )]] generating a second one-time value in— SHbstantially - the - same 
m anner - as said first one time valu& 4 s - generated ; and 

• authenticating [[said]] the client if b y the - correspondence of said second one- 
time value corresponds to said first one-time value. 

20. (Currently amended) [[A]] The method according to claim 19, wherein [[said]] a 
public-key functionality with respect to [[said]] a one-time value is selected from 
[[a]] the group comprising consisting of : 
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• encrypting said one-time value[[ ? ]]i and 

• digitally signing said one-time value. 

21. (Currently amended) [[A]] The method according to claim 19, wherein said client 

is a security token. 

22, (Currently amended) [[A]] The method according to claim [[19]] 21, wherein said 
providing the encrypted said first one-time value to said host system is carried out 
by a member of [[a]] the group comprising consisting of : 

• providing a display of said firs t one-time displaying - said encry p ted value at the 
client [[side]] and thereafter manually providing said first one-time v alu e from 
said display fee di s pla yed v alue to said host[[J]; 

• a wired connection from means for co nnecting said security token to said host 
system via a wired connection,; and 

• a wireless connection from m eans for connecting said security token to said 
host system via a wirel ess- e onnection . 
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For the convenience of the Examiner, the above claims as amended are 
repeated below in clean form without tracking notations. It is noted that all claims 
have the status of "(Currently amended)": 

1 . A security token, comprising: 

• a one-time password mechanism, for rendering one-time password 
functionality; 

• a public-key mechanism, for rendering public-key functionality with respect to 
said one-time password functionality; and 

• communication means for connecting the security token to a host and for 
providing to the security token a power supply for operating at least said 
public-key mechanism. 

2. The security token according to claim l s further comprising a display, for 
displaying at least a one-time password. 

3. The security token according to claim 1, further comprising a smartcard chip, for 
secure storage of keys and for rendering security-related functionality, 

4. The security token according to claim 1, wherein said one-time password 
mechanism includes means for generating a one-time value, said means selected 
from the group consisting of: 

• a real-time clock; and 

• a counter. 

5. The security token according to claim 1, wherein said communication means is 
selected from the group consisting of: 



9 



• a display for displaying a password and thereafter manually providing a 
displayed value of said password to said host; 

• a wired connection for connecting the security token to said host; and 

• a wireless connection for connecting the security token to said host. 

6, The security token according to claim 5 9 wherein said wired connection provides 
said power supply to the security token. 

7. The security token according to claim 6, further including a chargeable power 
source, operative to be charged by said wired connection for operating the 
security token while not connected to said host. 

8, A one-time password security token, for securely providing a one-time value to a 
host system, the one-time password security token comprising: 

• means for generating the one-time value; 

• a public-key infrastructure mechanism, for performing a public-key 
functionality with respect to the one-time value; and 

• communication means for connecting the security token with the host system 
and for providing an encrypted one-time value to the host system. 

9. The one-time password security token according to claim 8, wherein said public- 
key functionality with respect to the one-time value is selected from the group 
consisting of: 

• encrypting the one-time value by said public-key functionality; and 

• digitally signing a one-time password. 
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10. The one-time password security token according to claim 8, further comprising a 
display, for displaying at least said encrypted one-time value, 

1 1 . The one-time password security token according to claim 8, further comprising a 
smartcard chip, for rendering security-related functionality. 

12. The one-time password security token according to claim 8, wherein the one-time 
value is selected from the group consisting of: 

• a real-time; 

• a value of a counter; and 

• a group of random numbers. 

13. The one-time password security token according to claim 8, wherein said 
communication means is selected from the group consisting of: 

• a display for displaying a password and thereafter manually providing a 
displayed value of said password to the host system; 

• a wired comiection to the host system; and 

• a wireless connection to the host system. 

14. The one-time password security token according to claim 13, wherein said wired 
connection further provides power to the one-time password security token. 

15. The one-time password security token according to claim 14, further comprising a 
chargeable power source, operative to be charged by said wired connection, for 
operating said security token while not connected to the host system. 

16. A security system comprising: 

• at least one security token including; 

11 



■ a token one-time password mechanism, for rendering one-time password 
functionality; 

■ a token public-key mechanism, for rendering public-key functionality with 
respect to said token one-time password functionality; and 

* token communication means for connecting said at least one security 
token to a host and for providing to said at least one security token power 
for operating at least said token public-key mechanism; 

• a host system including: 

■ a host one-time password mechanism, corresponding to said token one- 
time password mechanism of said at least one security token, for rendering 
one-time password functionality; 

■ a host public-key mechanism, corresponding to said token public-key 
mechanism of said at least one security token, for rendering public-key 
functionality; 

- host communication means, corresponding to said token communication 
means of said at least one security token, for communicating with said at 
least one security token and for providing to said at least one security 
token power for operating at least said token public-key mechanism. 

The system according to claim 1 6, wherein said token communication means is 
selected from the group consisting of: 

• a display embedded within said at least one security token, for displaying a 
password and thereafter manually providing a displayed value of said 
password to said host system; and 
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• a wired connection operative to supply to said at least one security token 
power for operating at least said token public-key mechanism, 

18. The system according to claim 17, wherein said at least one security token further 
comprises a chargeable power source operative to be charged by said wired 
connection, for operating said at least one security token while not connected to 
said host. 

19. A method for authenticating a client by a host system, the method comprising: 

• at the client: 

■ generating a first one-time value; 

■ performing a client public-key functionality with respect to said first one- 
time value; and 

* providing said first one-time value to the host system; and 

• at the host system: 

■ performing public-key functionality corresponding to said client public 
key functionality with said first one-time value; and 

■ generating a second one-time value; and 

• authenticating the client if said second one-time value corresponds to said first 
one-time value. 

20. The method according to claim 19, wherein a public-key functionality with 
respect to a one-time value is selected from the group consisting of: 

• encrypting said one-time value; and 

• digitally signing said one-time value, 
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21, The method according to claim 19, wherein said client is a security token. 

22. The method according to claim 21, wherein said providing said first one-time 
value to said host system is carried out by a member of the group consisting of: 

* providing a display of said first one-time value at the client and thereafter 
manually providing said first one-time value from said display to said host; 

• a wired comiection from said security token to said host system; and 

# a wireless connection from said security token to said host system. 
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